Establishing a secure computing environment may include creating trust relationships between various components of a computing platform to enhance authentication, integrity, confidentiality, and control associated with platform transactions. In some cases, the platform may utilize a shielded controller, sometimes called a “trusted platform module” (TPM). Additional information regarding the TPM may be found at the Trusted Computing Group website, www.trustedcomputinggroup.org/home, including “TPM Main Specification Version 1.2 Revision 62” (2 Oct. 2003). The TPM may operate to uniquely identify the platform globally, to construct and exchange encryption keys, and to perform other tasks associated with establishing and enforcing the secure computing environment.
The TPM may provide access to one or more sets of registers, perhaps internal to the TPM, sometimes referred to as a “platform configuration register (PCR) set.” A basic input-output system (BIOS), an operating system (OS), or a software application may detect one or more values associated with a platform resource and store a hash calculation performed on the one or more values in the PCR set. Upon platform boot, for example, a platform BIOS may perform an inventory of platform resources and “measure” these into the PCR set by storing in the PCR set a hash value associated with each resource. The OS, the software application, and other software or hardware may subsequently access the PCR set to retrieve a cryptographic history of the previous measurements.
A virtual machine (VM) computing platform may attempt to manage multiple BIOS, OS, software applications, or other entities attempting to use a single platform resource. However, when two or more entities running on the VM computing platform attempt to write to the PCR set, data collision may occur. That is, one entity may overwrite another; or the source of the PCR set contents may be ambiguous after more than one entity writes to the PCR set.